LEGAL

Data Processor

Our Legal Documents

DATA PROCESSING ADDENDUM FOR EEA/UK GDPR

PART A

The definitions are as follows:", 'The term "Controller" refers to any individual or organization, including public entities and agencies, that determines the objectives and methods for processing personal data—either alone or with others.

The concept of "Controller-Controller" pertains to the established clauses for transferring personal data between Controllers in non-EU countries, as outlined in the European Commission\'s ruling from December 27, 2004 (2004/915/EC), with updates or replacements made by the Commission over time.

"Controller-Processor" refers to the standardized clauses regarding personal data transfers to Processors outside the EU, detailed in the European Commission\'s Decision dated February 5, 2010 (2010/87/EU), subject to periodic updates or replacements by the Commission.

"Europe," for the purposes of data transfer, encompasses (i) the entire European Economic Area (EEA) as it stands at the time of each transfer, which includes EU member states plus Norway, Iceland, and Liechtenstein, and (ii) the United Kingdom.

"European Data Protection Legislation" encompasses: (i) GDPR regulations; (ii) any nation-specific laws implementing GDPR within EEA member states; (iii) UK-specific GDPR laws absorbing EU regulations post-Brexit via the European Union (Withdrawal Act) 2018; (iv) and any other pertinent privacy laws active within EEA or UK jurisdictions, inclusive of official guidelines, practice codes, or certification systems as issued by relevant authorities.

The abbreviation "GDPR" stands for the General Data Protection Regulation formulated by the EU (Regulation 2016/679 of April 27, 2016).', "The term 'Processor' identifies any person or organization, which could be a governmental body or agency, that processes data based on the instructions of a Controller.

1. This section is applicable: (i) when our Company, Square Media Ltd, operates within the EEA or the UK, or falls under GDPR or UK GDPR jurisdiction, especially when the processed data affects individuals in Europe; and (ii) when the Company serves as a data Processor.

2. If this section, Part B, applies, the following rules govern the transfer of Personal Data by Square Media Ltd, as well as any subsequent data handling:

PART B

EEA/UK CONTROLLER TO PROCESSOR

2.1 Square Media Ltd processes transferred Personal Data solely under the guidance of Square Media Ltd and its affiliates, unless required by law to act otherwise. If legal requirements exist, we'll notify affiliates beforehand unless prohibited by law.

2.2 Square Media Ltd guarantees that any personnel authorized to handle Personal Data have committed to confidentiality or are legally bound by it.

2.3 Square Media Ltd will implement both technical and organizational security measures to shield the Personal Data it processes from any security incidents, in compliance with current Data Protection Laws. These measures will at least meet the Minimum Security Requirements.

2.4 Square Media Ltd won’t subcontract its data processing duties without prior consent from the concerned affiliate. For new subcontractors, we'll notify affiliates beforehand, allowing time to object. Without objections, Square Media Ltd proceeds. All subcontractor agreements mirror the data obligations Square Media Ltd has under this Part B.

2.5 Considering the nature of the data handling, Square Media Ltd will assist affiliates with technical and organizational measures as possible, to ensure compliance with legal data protection rights.

2.6 Square Media Ltd will alert affiliates promptly upon identifying any security breach affecting the Personal Data we process, providing details, potential consequences, and remediation steps. We commit to minimizing any negative impacts and will keep affiliates updated about the mitigations.

2.7 Square Media Ltd will offer reasonable assistance with any data protection impact assessments or consultations that affiliates need to conduct under GDPR, based on the processing’s nature. Affiliates can choose to have Square Media Ltd delete or return all personal data post-service, except where law requires retention.

2.8 Upon written affiliate request, Square Media Ltd will supply information needed to show compliance with Data Protection Laws, and allow audit activities with reasonable notice during business hours. If audits involve third-party auditors, Square Media Ltd may require confidentiality agreements.

This Part C applies when either an affiliate or Square Media Ltd is in the EEA or UK, under GDPR or UK GDPR, or if the Personal Data pertains to European data subjects. In this context, Square Media Ltd acts as a Controller.

If Square Media Ltd operates as a Processor, then Part C is inactive, with Part B covering data transfers instead.

PART C:

EEA/UK PROCESSOR TO CONTROLLER

Each participant in data transfer, whether affiliate or Square Media Ltd, acts as a Controller. All parties will fully comply with European Data Protection laws, ensuring data subject transparency, lawful data handling, and resolving any data subject rights queries.

  • If Square Media Ltd wishes to engage a third party for data processing services from affiliates, compliance with the European Data Protection Law and this Addendum's requirements will be ensured.
  • If Square Media Ltd operates in an area not recognized by the European Commission for adequate data safeguarding, then both Square Media Ltd and affiliates agree to adopt Controller-Controller Clauses, considering affiliates as the 'Data Exporter' and Square Media Ltd as the 'Data Importer.'
  • ADDENDUM: EEA/UK SUPPLEMENTARY PROVISIONS
  • The goal of this section, Exhibit A-2 Part A-2.4, is to overlap with Part B or Part C. If unexpected changes affect legal data transfers, the parties will collaboratively seek compliant solutions.
  • Should Square Media Ltd learn of a pursuit by law enforcement or governing bodies for accessing personal data, we would: (i) inform affiliates immediately of such inquiries; (ii) clarify if Square Media Ltd functions as a Processor, requesting data access be pursued via affiliates as Controllers; (iii) request said bodies submit their intent officially to affiliates; and (iv) refrain from releasing any data without affiliate approval.
  • If legal restrictions prevent us from the above compliance, Square Media Ltd will endeavor reasonably to challenge such limitations.
  • Embark on a journey to understand how Betsquare is devoted to upholding your privacy by adhering to GDPR standards. Dive into the ways we make data security a top priority on our platform.
  • EEA/UK GDPR DATA PROCESSING SUPPLEMENT
  • The terminology used here is defined as follows:
  • \"Controller\" refers to either an individual or an organization, a public authority, an agency, or any entity that, solely or with others, decides the intent and methods for handling Personal Data.
  • \"Controller-Controller\" signifies the standard clauses meant for sharing personal data with Controllers located in third countries, as outlined in the European Commission’s Decision dated December 27, 2004 (2004/915/EC). These clauses may be updated or changed by the European Commission periodically.