Data processor terms (GDPR)

Where processing of data is in relation to European union /UK citizens the following shall apply

1. Definitions: In this Schedule, the following terms shall have the following meanings:
   • "controller", "processor", "data subject", "personal data" and "processing" (and "process") shall have the meanings given in Applicable Data Protection Law; and
   • "Applicable Data Protection Law" shall mean: Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation); and (ii) any other applicable data protection law in any jurisdiction outside of the European Union ("EU")
2. Relationship of the parties: Customer (the controller) appoints Skill Dynamics as a processor to process the personal data that is the subject of this Agreement (the "Data"). Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.
3. Purpose limitation: Skill Dynamics shall process the Data as a processor as necessary to perform its obligations under this Agreement and strictly in accordance with the documented instructions of Customer (the "Permitted Purpose", except where otherwise required by any EU (or any EU Member State) law applicable to Customer. In no event shall Skill Dynamics process the Data for its own purposes or those of any third party.
4. International transfers: Skill Dynamics shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area ("EEA") unless (i) it has first obtained Customer's prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.
5. Confidentiality of processing: Skill Dynamics shall ensure that any person that it authorises to process the Data (including Skill Dynamics's staff, agents and subcontractors) (an "Authorised Person") shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty or otherwise) and shall not permit any person to process the Data who is not under such a duty of confidentiality. Skill Dynamics shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.
6. Security: The processor shall implement appropriate technical and organisational measures to protect the Data from (i) accidental or unlawful destruction, (ii) accidental loss, alteration, unauthorised disclosure or access, and (iii) any other breach of security ((i), (ii) and (iii) together, a "Security Incident").
7. Subcontracting: Skill Dynamics shall not subcontract any processing of the Data to a third-party subcontractor without the prior written consent of Customer. Notwithstanding this, Customer consents to Skill Dynamics engaging third party subcontractors to process the Data provided that: (i) Skill Dynamics provides at least 30 days' prior notice of the addition or removal of any subcontractor (including details of the processing it performs or will perform), which may be given by providing the list of subcontractors by email to Customer; (ii) Skill Dynamics imposes data protection terms on any subcontractor it appoints that protect the Data to the same standard provided for by this Clause; and (iii) Skill Dynamics remains fully liable for any breach of this Clause that is caused by an act, error or omission of its subcontractor. If Customer refuses to consent to Skill Dynamics's appointment of a third-party subcontractor on reasonable grounds relating to the protection of the Data, then either Skill Dynamics will not appoint the subcontractor or Customer may elect to suspend or terminate this Agreement without penalty.You authorises Us to permit those Subprocessors / Subcontractors already engaged by Skill Dynamics as at the date of this Agreement (as set out in Annex 1) to process customer personal data as required to provide the Service.
8. Cooperation and data subjects' rights: Skill Dynamics shall provide all reasonable and timely assistance to Customer at its own expense to enable Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Skill Dynamics, Skill Dynamics shall promptly inform Customer providing full details of the same.
9. Security incidents: Upon becoming aware of a Security Incident, Skill Dynamics shall inform Customer without undue delay and shall provide all such timely information and cooperation as Customer may reasonably require including in order for Customer to fulfil its Data Breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Skill Dynamics shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer up-to-date about all developments in connection with the Security Incident.
10. Liability: Skill Dynamics shall be liable for all loss, cost, harm, expense (including reasonable legal fees), liabilities or damage ("Damage") suffered or incurred by Customer as a result of Skill Dynamics's breach of this Clause.