<aside>
Product & Feature Specific Terms
Anti-Bribery & Corruption Policy
</aside>
1.1. This Data Processing Agreement forms part of Agreement as defined in the LandTech General Terms & Conditions.
1.2. This Data Processing Agreement is made by and between the parties to the Agreement, and is entered into upon acceptance of the Agreement.
1.3. In this Data Processing Agreement:
1. Agreement: has the meaning set out in the LandTech General Terms & Conditions, of which this Data Processing Agreement forms part.
2. Controller: has the meaning ascribed to it in the Data Protection Legislation.
3. Customer: means the entity under the Agreement which has contracted with LandTech for the provision of Services.
4. Data Protection Legislation: means all laws and regulations that are applicable to the Processing of Customer Personal Data in connection with the provision of the Services under the Agreement. “Data Protection Laws” may include, but not limited to, the California Consumer Privacy Act of 2018 (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the United Kingdom General Data Protection Regulation (“UK GDPR”); and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time)
5. Data Subject: has the meaning ascribed to it in the Data Protection Legislation.
6. LandTech: means the entity under the Agreement providing services to the Customer.
7. Personal Data Breach: has the meaning ascribed to it in the Data Protection Legislation.
8. Process/Processing: has the meaning ascribed to it in the Data Protection Legislation.
9. Processor: has the meaning ascribed to it in the Data Protection Legislation.
10. Standard Contractual Clauses: means the “2021 Standard Contractual Clauses,” defined as the clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj amended and updated from time to time).
1.4. Except where expressly stated otherwise in this Data Processing Agreement, terms defined in the Agreement shall have the same meaning when used in this Data Processing Agreement.
2.1. Each party shall comply with its respective requirements under the Data Protection Legislation. The provisions of this Data Processing Agreement are in addition to, and do not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
2.2. The parties acknowledge and agree that:
(a) where applicable, for the purposes of the Data Protection Legislation, the Customer is the Controller and LandTech is the Processor;
(b) the subject-matter of the Processing is the Customer Personal Data;
(c) the duration of the Processing is the duration of the Agreement plus any period during which LandTech continues to Process Customer Personal Data at the written request of the Customer or where required by applicable laws;
(d) the nature and purpose of the Processing is the use of the Customer Personal Data in the performance of the Services as envisaged by the Agreement (including, without limitation, in connection with services provided by Third Party Suppliers);
(e) the types of Personal Data which shall be Processed are data required for the use and/or performance of the Services including but not limited to:
(i) first and last name;
(ii) title;
(iii) position;
(iv) employer;
(v) contact information (company, email, phone, physical business address);
(vi) ID data;
(vii) professional life data;
(viii) connection data; and
(ix) localisation data.
(f) the categories of Data Subjects are:
(i) Authorised Users;
(ii) prospects, customers and business partners of the Customer (who are natural persons); and
(iii) employees or contact persons of the Customer's prospects, customers and business partners.
3.1. Without prejudice to the generality of paragraph 2.1 of this Data Processing Agreement, LandTech shall, in relation to any Customer Personal Data which is Processed in connection with the performance by LandTech of its obligations under this Data Processing Agreement:
(a) process that Customer Personal Data only on the written instructions of the Customer (which shall be deemed to include the terms of this Data Processing Agreement), unless otherwise required by EU or Member State laws, in which case LandTech shall inform the Customer prior to Processing, unless prohibited from doing so by EU or Member State laws;
(b) ensure that all Supplier personnel who Process any Customer Personal Data are obliged to keep the same confidential;
(c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful Processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, and that these measures are appropriate to the harm that might result from the unauthorised or unlawful Processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
(d) assist the Customer, at the Customer's cost, in responding to any request from a Data Subject to exercise rights under the Data Protection Legislation and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the Customer without unreasonable delay on becoming aware of a Personal Data Breach in relation to the Customer Personal Data;
(f) subject to any provision of the Agreement regarding the deletion or return of Customer Personal Data, and at the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Agreement unless required by EU or Member State laws to store the Customer Personal Data; and
(g) subject to and in accordance with any provision of the Agreement governing audit and access to records, make available to the Customer on request all information necessary to demonstrate compliance with the obligations in this paragraph 3, and allow for and contribute to audits, including inspections, conducted by the Customer or the Customer's designated auditor (provided always that audits shall be subject to reasonable prior notice, that the scope of the audit shall be agreed with LandTech in advance, and that the audit shall be conducted at the Customer's own expense).
3.2. LandTech shall inform the Customer if, in the Supplier's opinion, the Supplier's compliance with paragraph 3.1 (a) of this Data Processing Agreement would breach Data Protection Legislation. LandTech shall be entitled to suspend execution of the instructions concerned, until the Customer's Data Protection Officer (or such other person notified in writing by the Customer to the Supplier) confirms in writing that such instructions are lawful and are to be followed.
3.3. The Customer specifically authorises the use by LandTech of each of the Sub-processors listed in Annex 1 to this Data Processing Agreement, and generally authorises LandTech to make changes to its use of Sub-processors (including by appointing new Sub-processors). The authorisations granted by the Customer are subject to the conditions of paragraph 3.4.
3.4. LandTech shall:
(a) notify the Customer in advance of any change, thereby giving the Customer the opportunity to object to the change. Any such objections must be exercised without undue delay and on reasonable grounds;
(b) enter into written agreements with each Sub-processor which impose obligations on the Sub-processor which are consistent with the terms of this Data Processing Agreement; and
(c) remain liable for the acts or omissions of each Sub-processor, subject to clause 8 of the General Terms & Conditions.
4.1. The Customer authorises LandTech to transfer Customer Personal Data (or permit any Sub-processor to transfer Customer Personal Data) outside the European Economic Area, the US and the United Kingdom, as necessary to provide the Services. LandTech shall ensure that any such transfer complies with the Data Protection Legislation, including by (where necessary) ensuring that:
(a) appropriate safeguards are in place in relation to the transfer;
(b) the Data Subjects have enforceable rights and effective legal remedies; and
(c) providing an adequate level of protection to any Customer Personal Data that is transferred.
4.2. Where the Customer is established in the European Union and where the UK is, for the purposes of GDPR, a third country that does not ensure an adequate level of data protection (and therefore transfers of Personal Data between the Customer and LandTech would constitute restricted transfers for the purposes of Chapter V of the GDPR) (“Restricted Transfer”), Module Two (Transfer controller to processor) and Module Three (Transfer processor to processor) of the Standard Contractual Clauses shall hereby be incorporated into this Data Processing Agreement by reference, with effect from the commencement of any Restricted Transfer. For the purposes of the Standard Contractual Clauses:
(a) the Customer shall be the data exporter;
(b) LandTech shall be the data importer;
(c) Appendix 1 shall be populated with the relevant details set out in paragraph 2.2 of this Data Processing Agreement and Appendix 2Data Processing Agreement shall be populated with the Supplier's commitment as set out in paragraph 3(c) of this Data Processing Agreement
(d) the optional docking clause in clause 7 does not apply;
(e) the certification of deletion in 8.5 and 16(d) shall be provided upon the Customer's written request;
(f) in clause 11, the optional language does not apply;
(g) the information required under clause 15.1 (c) will be provided upon Customer's written request; and
(h) where the Data Subject is based in the UK, the Standard Contractual Clauses shall be supplemented by the Information Commissioner's Standard Data Protection Clauses to be issued by the Commissioner under s119A(1) of the Data Protection Act 2018.
| Supplier Name | Purpose (general description for information purposes only, not binding) | Website |
|---|---|---|
| AWS | Hosting | View Amazon AWS website |
| Auth0 | Login | View Auth0 website |
| Papertrail | Logging | View Papertrail website |
| Mandrill | View Mailchimp website | |
| Mailchimp | View Mailchimp website | |
| Intercom | Customer Support | View Intercom website |
To download our Technical and Organisational Measures click here