This agreement is between
Data Processor or Dailymails: Dailymails.org, an online Software Service Providers company registered in India
Data Controller: a person or company that controls the personal data processed using Dailymails Services.
Website: dailymails.org and any of its subdomains.
Service or Services: all content, services and products available at, or through the Website, including, but not limited to, Automate+, MobiAds, PayInvoice, Transactional Email Service, Dailymails News or CRMPLus using dailymails Website or API. API: Automated application programming interface to connect dailymails Services with other websites, servers or applications. Personal Data: any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Data Subject: an individual to whom Personal Data relates. Data Processing: processing of data on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU) 2016/679
Roles of the Parties.The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller and dailymails is the Data Processor. Customer’s Processing of Personal Data.Customer shall, in its use of the Services and provision of instructions, Process Personal Data in accordance with the requirements of applicable Data Protection Law. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. If dailymails believes or becomes aware that any of Customer’s instructions conflicts with any Data Protection Laws, dailymails shall inform Customer. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer obtained the Personal Data. dailymails Processing of Personal Data As Customer’s Processor, dailymails shall only Process Personal Data for the following purposes: (i) Processing required to provide the Services in accordance with the Agreement; and (ii) Processing to comply with other reasonable instructions provided by Customer that are consistent with the terms of the Agreement. dailymails acts on behalf of and on the instructions of Customer in carrying out all Processor responsibilities. dailymails shall process Personal Data in accordance with the requirements of the Data Protection Laws and Customer will ensure that its instructions for the Processing of Personal Data shall comply with the Data Protection Laws.
It is agreed that by signing this Data Protection Agreement any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this contract relieves the Data Processor nor the Data Controller of its own direct responsibilities and liabilities under the GDPR.
The Data Processor processes large amount of Personal Data, therefor it has appointed data protection officer: Mr Kamta Prasad Singh (contact DPO: firstname.lastname@example.org).
The Data Processor provides the Data Controller with whatever information it needs to ensure they both meet the obligations under GDPR. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller allowing Data Subjects to exercise their rights.
The Data Processor ensures that people accessing the Personal Data are subject to a duty of confidence. The Data Processor may not use sub-processors without the prior written authorisation of the Data Controller.
The Data Processor will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorised by the Data Controller or is required by law.
The Data Controller must have a lawful basis before beginning processing and should document it. The Data Processor reserves the right to ask the Data Controller for their documented lawful basis for processing. If requested the Data Controller must present their documented lawful basis for processing immediately but not later than 7 days.
Real time Data Processing through real time API takes no longer than 1 minute. Data uploaded in files – whether uploaded manually or using bulk API – may be processed as soon as possible after the process initiated by the Data Controller but can not take longer than 7 days. In terms of this agreement the Data Controller may initiate Data Processing as long as dailymails provides its Services.
The Data Processor stores and processes Personal Data on its servers in the India only.
Data Subject Requests.Dailymails shall, to the extent legally permitted and as may reasonably be expected, promptly notify Customer if it receives any requests from a Data Subject to exercise the following Data Subject rights: access, rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, objection to the Processing, or to not be subject to an automated individual decision making (each, a “Data Subject Request”). To the extent Customer, in its use or receipt of the Services, does not have the ability to action on a Data Subject Request, as required by Data Protection Laws, Dailymails shall promptly comply, if in a position to do so, with all reasonable requests by Customer to facilitate such actions to the extent dailymails is legally permitted and reasonably able to do so. To the extent legally permitted, Customer shall be responsible for any costs arising from dailymails provision of such assistance, including any fees associated with provision of additional functionality.
The Data Processor takes appropriate measures to ensure the security of Data Processing. Servers that process or store raw data are accessible through the Data Processor’s own virtual private network only. The Data Processor stores result files in an encrypted format.
The data is processed automatically on the Data Processor’s servers, without human interaction. If the Data Controller requests, or in certain cases when Data Processor wishes to review user activities, the Data Processor’s colleagues have the right to review files uploaded and result files provided on the Data Processor’s Website. In case the Data Processor need to investigate a complaint, the Data Processor might process or re-process data through its system. The Data Processor makes sure the colleagues are vetted and trained before allowing them to complete any review. This review happens in a safe environment, all files are deleted after review.
From time to time the Data Processor might use contractors to develop its Services. These contractors must specifically agree not to use data other than specifically requested by the Data Processor. All employees and contractors of the Data Processor accessing Personal Data are required to sign a non-disclosure agreement. The Data Processor completes data protection impact assessments at least once a year and takes necessary actions to improve data security if any improvement areas are found.
The Data Processor stores original and results files for up to 2 months only, after this period all files are automatically and permanently deleted.
Data Controller may delete their files at any time.
The Data Processor will notify the Data Controller about any Personal Data breaches – including but not limited to accidental or unlawful access or disclosure - within 72 hours of becoming aware of the breach.
The Data Processor shall not be liable for any of the Data Controller’s claims, damages, losses, expenses, costs or other liability in the event of Personal Data breach or loss under any circumstances.
The Data Processor agrees to coordinate with supervisory authorities.
The Data Controller must instruct the Data Processor to process Personal Data. The Data Processor will process as and when
the Data Controller instructs. The Data Processor provides a fully automated system where the Data Controller can initiate
- When the Data Controller manually uploads Personal Data in a file for contacts, the Data Controller must click on a button to start/initiate process.
- Files containing Personal Data uploaded using bulk API will be started automatically.
- Personal Data processed using real time API is processed automatically.
The Data Processor keeps logs of all activities. Such as but not limited to file upload, results download, number of successful API calls.
Either party may terminate this agreement by giving each other 1 weeks notice in writing. If both parties agree to a new Data Protection Agreement, it is effective immediately after signature.
This agreement, and any dispute or claim arising out of or in connection with it shall be governed by the law of India.