Cloud Data Protection Policy
This page is referred to in a number of our agreements, and applies when we are Processing Personal Data on your behalf. A reference to we, us or our on this page means the Hamillroad company with which you are contracting, and a reference to you or your on this page means the company or individual who is contracting with us.
Cloud Terms: Definitions and Interpretation
The following definitions and rules of interpretation apply in these Cloud Terms:
“Data Protection Legislation” means: (i) the UK’s Data Protection Act 2018; and (ii) the EU’s General Data Protection Regulation (Regulation 2016/679) together with any applicable transposing, implementing or supplementary legislation.
Any capitalised terms used but not defined on this page shall have the meanings given in the Data Protection Legislation.
Cloud Terms: Data Processing Requirements
- As your Processor, we will Process the Personal Data which we handle for you only for the purposes described in, and for the duration of, our services agreement. If we are legally required to Process the Personal Data which you provide to us for other reasons, then if we are allowed to do so we will notify you of this. Each of us acknowledges that the Personal Data which we will Process for you will usually consist of document metadata, trading names, file author’s name, end customer’s name as well as physical and email addresses.
- If we are aware that what you are asking us to do with Personal Data infringes applicable laws, we will notify you immediately (unless applicable laws prevents us from doing that) and we will not carry out what you are asking us to do.
- We will implement appropriate security measures (both technical and organisational) so that the Personal Data you give to us is kept sufficiently secure. You give us permission to transfer the Personal Data we are Processing for you internationally, and we will make sure that anyone we allow to Process Personal Data for you is subject to written confidentiality commitments.
- You approve our using sub-processors for data storage, hosting and transfer purposes, and we accept that we will be responsible to you for any breach of this page caused by our sub-processors. Our current sub-processor is Microsoft and we’ll update this page if this changes.
- At your cost, we will provide you with reasonable assistance to demonstrate compliance with the Data Protection Legislation, including but not limited to: (i) ensuring compliance with security, breach notification, impact assessments and prior consultation obligations; and (ii) responding to: (a) any Data Subject request to exercise their rights under Data Protection Legislation; and (b) any other correspondence, enquiry or complaint received in connection with our Processing of your Personal Data.
- If we become aware of a Personal Data Breach in relation to the Personal Data which you provide to us, we will inform you without undue delay and help you to fulfil any data breach reporting obligations you may have under Data Protection Legislation.
- Promptly following termination or expiry of our services agreement we will destroy the cloud instance we created for you as part of the services agreement and its associated data unless: (i) it has been archived on back-up systems which we will securely isolate and protect from further Processing; or (ii) we are required to keep it under applicable laws.
- In the event that Data Protection Legislation or appropriate guidance changes, we reserve the right to amend the data processing requirements on this page to ensure our terms continue to comply with applicable laws.
- If you have any questions about any of your obligations please contact: firstname.lastname@example.org