DATA PROCESSING EEA/UK GDPR ADDENDUM

PART A – In this Data Processing Addendum, the following terms are defined:

Controller: A natural or legal person, public authority, agency, or any other body determining the purposes and means of Personal Data processing.
Controller-Controller: The model clauses for the transfer of personal data to Controllers in third countries, as per the European Commission’s Decision of 27 December 2004.
Controller-Processor: The model clauses for the transfer of personal data to Processors in third countries, as per the European Commission’s Decision of 5 February 2010.
Europe: Refers to the European Economic Area (EEA) and the UK.
European Data Protection Legislation: Encompasses GDPR, applicable national/federal or state/provincial legislation implementing GDPR, GDPR as incorporated into UK law, and other relevant data protection or privacy legislation in the EEA or the UK.
GDPR: The General Data Protection Regulation of the European Union (Regulation 2016/679 of 27 April 2016).
Processor: A natural or legal person, public authority, agency, or any other body processing data on behalf of a Controller.

PART B: EEA/UK CONTROLLER TO PROCESSOR

Scope: Applies when ProjectManagementTools.com operates in the EEA or the UK or processes data related to Data Subjects in Europe.

Obligations:

  • ProjectManagementTools.com processes data on behalf of the Controller and follows documented instructions.
  • Implements security measures to protect processed data against Security Incidents.
  • Does not subcontract obligations without the Controller’s authorization.
  • Assists the Controller in fulfilling obligations related to Data Subject rights.
  • Makes information available for demonstrating compliance with data protection laws and allows audits.

PART C: EEA/UK PROCESSOR TO CONTROLLER

Scope: Applies when either the affiliate or ProjectManagementTools.com is in the EEA or the UK, and ProjectManagementTools.com is a Controller.

Responsibilities:

  • Both parties comply with European Data Protection Legislation.
  • If ProjectManagementTools.com appoints a third party for data processing, it ensures compliance.
  • If ProjectManagementTools.com is in a territory without adequate protection, Controller-to-Controller Clauses are incorporated

PART D: EEA/UK SUPPLEMENTARY PROVISIONS

Scope: Applies whenever Part B or Part C is in effect.

  • In case of non-compliance due to circumstances beyond control, parties work together in good faith to resolve.
  • If an Authority requests access to Personal Data, ProjectManagementTools.com notifies the affiliate and informs the Authority of the Controller’s status.
  • ProjectManagementTools.com challenges legal prohibitions preventing disclosure.
  • ProjectManagementTools.com discloses Personal Data to an Authority only as legally required and notifies the affiliate promptly.
  • Exceptions apply in cases of imminent risk of serious harm.